package com.example.javawebdemo.filters;//package com.example.javawebdemo.filters;
//
//import jakarta.servlet.*;
//import jakarta.servlet.annotation.WebFilter;
//import jakarta.servlet.http.HttpServletRequest;
//import jakarta.servlet.http.HttpServletResponse;
//import java.io.IOException;
//@WebFilter(urlPatterns = "/HelloServlet")
//public class LoginValidationFilter implements Filter {
//    @Override
//    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
//            throws IOException, ServletException {
//        HttpServletRequest request = (HttpServletRequest) req;
//        HttpServletResponse response = (HttpServletResponse) resp;
//
//        String action = request.getParameter("action");
//        // 只拦截登录和注册请求
//        if (!"login".equals(action) && !"register".equals(action)) {
//            chain.doFilter(request, response);
//            return;
//        }
//
//        String username = request.getParameter("username");
//        String password = request.getParameter("password");
//
//        // 基本参数非空验证
//        if (username == null || username.trim().isEmpty() ||
//                password == null || password.trim().isEmpty()) {
//            request.setAttribute("errorMessage", "用户名和密码不能为空");
//            RequestDispatcher rd = request.getRequestDispatcher("login.jsp");
//            rd.forward(request, response);
//            return;
//        }
//        chain.doFilter(request, response);
//    }
//}

// LoginValidationFilter.java

import com.example.javawebdemo.dao.DAOFactory;
import com.example.javawebdemo.dao.UserDAO;
import com.example.javawebdemo.models.User;
import com.example.javawebdemo.strategy.BCryptHasher;
import jakarta.servlet.ServletException;
import jakarta.servlet.annotation.WebFilter;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;

/*
4.模板方法模式 (Template Method) - Filter通用逻辑
 */


@WebFilter(urlPatterns = {"/auth/*"}) // 配置过滤路径
public class LoginValidationFilter extends AbstractValidationFilter {

    // 标记哪些action需要过滤
    @Override
    protected boolean shouldFilter(HttpServletRequest request) {
        String action = request.getParameter("action");
        return "login".equals(action) || "register".equals(action);
    }

    // 核心验证逻辑
    @Override
    protected boolean validate(HttpServletRequest request) {
        try {
            String action = request.getParameter("action");
            request.setCharacterEncoding("UTF-8");

            // 公共参数校验
            String username = request.getParameter("username");
            String password = request.getParameter("password");
            if (username == null || username.trim().isEmpty() ||
                    password == null || password.trim().isEmpty()) {
                request.setAttribute("errorMessage", "用户名和密码不能为空");
                return false;
            }

            // 区分登录和注册的逻辑校验
            if ("register".equals(action)) {
                String confirmPass = request.getParameter("confirmPassword");
                if (!password.equals(confirmPass)) {
                    request.setAttribute("errorMessage", "两次输入的密码不一致");
                    return false;
                }

                if (password.length() < 8) {
                    request.setAttribute("errorMessage", "密码长度必须至少8位");
                    return false;
                }
            } else if ("login".equals(action)) {
                // 用户存在性验证
                UserDAO userDAO = DAOFactory.getUserDAO();
                User user = userDAO.findByUsername(username);
                if (user == null) {
                    request.setAttribute("errorMessage", "用户不存在");
                    return false;
                }

                // 密码加密验证
                BCryptHasher hasher = new BCryptHasher();
                if (!hasher.check(password, user.getPassword())) {
                    request.setAttribute("errorMessage", "密码错误");
                    return false;
                }
            }

            return true;
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    // 验证失败处理
    @Override
    protected void handleValidationFailure(
            HttpServletRequest request,
            HttpServletResponse response
    ) throws ServletException, IOException {
        String forwardPath = "/login.jsp";
        if ("register".equals(request.getParameter("action"))) {
            forwardPath = "/register.jsp";
        }

        request.getRequestDispatcher(forwardPath).forward(request, response);
    }
}


